a993340dae90845c2e0023705acf113ebf50f51a888fe60fa8e266f68c60782d

Analysis

max time kernel
1616s
max time network
1589s
platform
windows10-2004_x64
resource
win10v2004-20220812-en
resource tags

arch:x64arch:x86image:win10v2004-20220812-enlocale:en-usos:windows10-2004-x64system
submitted
06/02/2023, 21:28

Target

5321236078´.exe
Size

336.5MB
MD5

fa86afab3ecdbfa41d696d0019dc59b2
SHA1

c46b1625e53ae20ce08013386c1318691a559392
SHA256

a993340dae90845c2e0023705acf113ebf50f51a888fe60fa8e266f68c60782d
SHA512

8a61bd79a49a29d3e92312b3d2057269242d43ffaf0d04ca88f7283b4125c9eda384a55a2387aca16fc7e5d848dfc5377c0d00c684b02311bfd491f2121a8bd7
SSDEEP

24576:jy+DyHT3ezrzCZT72JyHKcJMhVJ+UgU2mc1bvmD+u+FNPqrTEzoPVLPC9ElXXUyy:jy++HSXuYJgkx+UjZsj1FNuEzoPVu/B

Score

1^/10

Suspicious behavior: EnumeratesProcesses 14 IoCs

Suspicious use of AdjustPrivilegeToken 1 IoCs

description	pid	Process
Token: SeDebugPrivilege	2436	RuntimeBroker.exe

Suspicious use of WriteProcessMemory 3 IoCs

description	pid	Process	procid_target
PID 836 wrote to memory of 2436	836	5321236078´.exe	82
PID 836 wrote to memory of 2436	836	5321236078´.exe	82
PID 836 wrote to memory of 2436	836	5321236078´.exe	82

C:\Users\Admin\AppData\Local\Temp\5321236078´.exe
"C:\Users\Admin\AppData\Local\Temp\5321236078´.exe"
1⤵
- Suspicious use of WriteProcessMemory
PID:836
- C:\Windows\System32\RuntimeBroker.exe
  C:\Windows\System32\RuntimeBroker.exe
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  - Suspicious use of AdjustPrivilegeToken
  PID:2436

memory/2436-132-0x00000190843B0000-0x0000019084512000-memory.dmp

Filesize
1.4MB

Download
memory/2436-133-0x000001909EFA0000-0x000001909EFA8000-memory.dmp

Filesize
32KB

Download
memory/2436-134-0x00000190A2610000-0x00000190A2648000-memory.dmp

Filesize
224KB

Download
memory/2436-135-0x00000190A19E0000-0x00000190A19EE000-memory.dmp

Filesize
56KB

Download
memory/2436-136-0x00007FFE1C5A0000-0x00007FFE1D061000-memory.dmp

Filesize
10.8MB

Download
memory/2436-137-0x00007FFE1C5A0000-0x00007FFE1D061000-memory.dmp

Filesize
10.8MB

Download